Import EKS Cluster using Terraform

Prerequisite

This script assumes that you have already created the IAM resources needed to create EKS-related resources through Kosmos.

For more details refer:

Introduction

This is a Terraform script that imports an existing EKS cluster into a Kosmos fleet using the Kosmos provider. Import mode is selected by setting kosmos_eksClusters.this.imported to true. The user who runs this script must hold the required IAM permissions on AWS, because the script creates a new AWS IAM role (with its policy and policy attachment) that the Kosmos operator assumes in order to import the EKS cluster and configure it in the Kosmos fleet. Review that role's trust policy and permissions in the plan before applying.

Variables and Locals

Name                              Type    Explanation
kosmos_access_key (required)      String  Kosmos access key
aws_region (required)             String  Region where the EKS cluster is deployed
imported_cluster_name (required)  String  Name of the EKS cluster
oidc_provider_arn (required)      String  ARN of the cluster's existing IAM OIDC provider
fleet_name (required)             String  Kosmos fleet the EKS cluster will be imported into. For now, you must first create the fleet manually in the Kosmos UI
kosmos_role_arn (optional)        String  Existing Kosmos service role ARN; if empty, a new role and policy are created automatically

Adding delay on the creation of kosmos_eksClusters resource

There is an issue with the AWS provider where the required resource (the role_policy_attachment) reports as created but is not yet usable, which results in a race condition when creating kosmos_eksClusters. The error thrown indicates that Kosmos is not authorized to assume the newly created role via AWS AssumeRoleWithWebIdentity. This happens when an existing EKS cluster is imported with kosmos_eksClusters in the same run that creates the new role, policy, and role_policy_attachment: IAM changes are eventually consistent, so the attachment can exist before the role can actually be assumed.

To work around this we added a 5s delay between the creation of the role_policy_attachment and kosmos_eksClusters. A fixed delay is a workaround rather than a guarantee; if the error still appears, lengthen the delay or re-run terraform apply once IAM has propagated.
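The resource ordering described above, as an added example of how the delay is wired (this is not the module's own code). The time_sleep resource from the hashicorp/time provider sits between the policy attachment and the Kosmos resource, and the Kosmos resource declares an explicit depends_on so Terraform cannot start it before the sleep finishes. The IAM role, policy and attachment follow the description above; the trust policy is restricted to the cluster's OIDC provider, and its aud/sub conditions, the variable kosmos_service_account_subject, the policy file name, and every kosmos_eksClusters argument other than imported are assumptions, since the page does not list them.

```hcl
# Added example: the resource ordering for the delay (not the module's own code).
# Assumes the input variables from the table above are declared, plus the
# assumed placeholder variable kosmos_service_account_subject.
terraform {
  required_providers {
    aws  = { source = "hashicorp/aws" }
    time = { source = "hashicorp/time" }
  }
}

locals {
  # Issuer host, e.g. oidc.eks.us-west-2.amazonaws.com/id/<ID>, taken from the
  # provider ARN; it prefixes the condition keys in the trust policy.
  oidc_issuer = element(split(":oidc-provider/", var.oidc_provider_arn), 1)
  create_role = var.kosmos_role_arn == ""
}

# Trust policy: only tokens issued by the cluster's OIDC provider may assume the
# role, via sts:AssumeRoleWithWebIdentity (the call named in the error above).
# Without the conditions, any service account in the cluster could assume it.
# The claim values follow the standard EKS IRSA pattern and are assumptions;
# confirm what the Kosmos operator actually presents.
data "aws_iam_policy_document" "kosmos_trust" {
  statement {
    actions = ["sts:AssumeRoleWithWebIdentity"]
    principals {
      type        = "Federated"
      identifiers = [var.oidc_provider_arn]
    }
    condition {
      test     = "StringEquals"
      variable = "${local.oidc_issuer}:aud"
      values   = ["sts.amazonaws.com"]
    }
    condition {
      test     = "StringEquals"
      variable = "${local.oidc_issuer}:sub"
      values   = [var.kosmos_service_account_subject] # e.g. system:serviceaccount:<ns>:<sa>
    }
  }
}

resource "aws_iam_role" "kosmos" {
  count              = local.create_role ? 1 : 0
  name               = "kosmos-operator-${var.imported_cluster_name}"
  assume_role_policy = data.aws_iam_policy_document.kosmos_trust.json
}

resource "aws_iam_policy" "kosmos" {
  count = local.create_role ? 1 : 0
  name  = "kosmos-operator-${var.imported_cluster_name}"
  # The page does not list the permissions; keep the reviewed, least-privilege
  # policy in this (assumed) file.
  policy = file("${path.module}/kosmos-policy.json")
}

resource "aws_iam_role_policy_attachment" "kosmos" {
  count      = local.create_role ? 1 : 0
  role       = aws_iam_role.kosmos[0].name
  policy_arn = aws_iam_policy.kosmos[0].arn
}

# IAM is eventually consistent: the attachment can report created before the
# role is usable via AssumeRoleWithWebIdentity. Sleep only after the
# attachment exists.
resource "time_sleep" "wait_for_role" {
  depends_on      = [aws_iam_role_policy_attachment.kosmos]
  create_duration = "5s"
}

resource "kosmos_eksClusters" "this" {
  # Only "imported" is documented on this page; the other argument names are
  # assumed placeholders.
  imported = true
  name     = var.imported_cluster_name
  fleet    = var.fleet_name
  region   = var.aws_region
  role_arn = local.create_role ? aws_iam_role.kosmos[0].arn : var.kosmos_role_arn

  # Explicit dependency so Terraform cannot start this resource before the sleep.
  depends_on = [time_sleep.wait_for_role]
}
```

When kosmos_role_arn is supplied the role, policy and attachment are skipped and the sleep is harmless. The depends_on on the Kosmos resource is what matters: a reference to the sleep's attributes would also work, but an explicit dependency survives later refactoring of the arguments.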

How to run

  1. Run python scop2aws.py to generate temporary credentials using SCOP
  2. Run terraform init to initialize the working directory and download Terraform providers and modules
  3. Run terraform plan -var="kosmos_access_key=(kosmos_access_key)" -var="oidc_provider_arn=(oidc_provider_arn)" -var="fleet_name=(fleet_name)" -var="imported_cluster_name=(imported_cluster_name)" -var="aws_region=(aws_region)" to preview the changes Terraform will make, and read the resources to be created carefully, in particular the new IAM role, its trust policy and the attached policy. Terraform prompts for any required variable that is not supplied on the command line.
  4. Run terraform apply -var="kosmos_access_key=(kosmos_access_key)" -var="oidc_provider_arn=(oidc_provider_arn)" -var="fleet_name=(fleet_name)" -var="imported_cluster_name=(imported_cluster_name)" -var="aws_region=(aws_region)" and type yes when prompted
  5. To destroy all the resources, run terraform destroy -var="kosmos_access_key=(kosmos_access_key)" -var="oidc_provider_arn=(oidc_provider_arn)" -var="fleet_name=(fleet_name)" -var="imported_cluster_name=(imported_cluster_name)" -var="aws_region=(aws_region)"
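The run sequence above wrapped in a small POSIX shell script, added here as an example and not part of the module. It departs from the literal steps in two places a practitioner would want: the Kosmos access key is passed through the TF_VAR_kosmos_access_key environment variable instead of -var=..., so it does not land in shell history or process listings, and the plan is written to a file and applied from that file, so what is applied is exactly what was reviewed. Before calling Terraform it also checks that the OIDC provider ARN has the shape of an EKS IAM OIDC provider ARN and that the region in its issuer host matches aws_region, a mismatch that would leave the new role's trust policy pointing at the wrong issuer. The script assumes python scop2aws.py and terraform init have already been run; the script name and the KOSMOS_ACCESS_KEY variable are assumptions.

```shell
#!/bin/sh
# import_eks.sh (added example, not part of the module): validate inputs, then
# plan and apply the Kosmos EKS import.
# Usage: KOSMOS_ACCESS_KEY=... ./import_eks.sh <oidc_provider_arn> <fleet_name> <cluster_name> <aws_region> [kosmos_role_arn]
set -eu

# An IAM OIDC provider ARN for an EKS cluster looks like
#   arn:aws:iam::123456789012:oidc-provider/oidc.eks.<region>.amazonaws.com/id/<ID>
# Returns 0 if the ARN has that shape, 1 otherwise.
validate_oidc_arn() {
  printf '%s\n' "$1" | grep -Eq '^arn:aws[a-z-]*:iam::[0-9]{12}:oidc-provider/oidc\.eks\.[a-z0-9-]+\.amazonaws\.com/id/[A-Za-z0-9]+$'
}

# Prints the region embedded in the OIDC issuer host of the ARN.
oidc_arn_region() {
  printf '%s\n' "$1" | sed -E 's#^.*oidc-provider/oidc\.eks\.([a-z0-9-]+)\.amazonaws\.com/.*$#\1#'
}

# Returns 0 when the region in the ARN's issuer host equals the aws_region argument.
region_matches() {
  [ "$(oidc_arn_region "$1")" = "$2" ]
}

main() {
  if [ "$#" -lt 4 ]; then
    echo "usage: $0 <oidc_provider_arn> <fleet_name> <cluster_name> <aws_region> [kosmos_role_arn]" >&2
    exit 2
  fi
  oidc_arn=$1; fleet=$2; cluster=$3; region=$4; role_arn=${5:-}

  # Keep the secret out of argv: require it from the environment.
  : "${KOSMOS_ACCESS_KEY:?set KOSMOS_ACCESS_KEY in the environment, not on the command line}"

  validate_oidc_arn "$oidc_arn" || {
    echo "oidc_provider_arn does not look like an EKS OIDC provider ARN: $oidc_arn" >&2; exit 1; }
  region_matches "$oidc_arn" "$region" || {
    echo "aws_region ($region) differs from the region in the OIDC issuer ($(oidc_arn_region "$oidc_arn"))" >&2; exit 1; }

  # Fail early if the SCOP-issued temporary credentials have expired.
  aws sts get-caller-identity >/dev/null

  # Terraform reads TF_VAR_<name> for any declared input variable.
  export TF_VAR_kosmos_access_key="$KOSMOS_ACCESS_KEY"

  terraform plan -out=import.tfplan \
    -var="oidc_provider_arn=$oidc_arn" \
    -var="fleet_name=$fleet" \
    -var="imported_cluster_name=$cluster" \
    -var="aws_region=$region" \
    -var="kosmos_role_arn=$role_arn"

  echo "Review the plan above: the new IAM role, its trust policy, the attached policy and the kosmos_eksClusters resource."
  printf 'Apply this plan? [yes/NO] '
  read -r answer
  [ "$answer" = "yes" ] || exit 1
  terraform apply import.tfplan
  # The saved plan embeds the input variable values, including the access key.
  rm -f import.tfplan
}

# Only run when invoked with arguments, so the functions can be sourced or tested alone.
if [ "$#" -gt 0 ]; then
  main "$@"
fi
```

The destroy step is unchanged: run terraform destroy with the same -var values and TF_VAR_kosmos_access_key exported.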

Download Resources

For complete examples and the latest updates, refer to:
